Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 f610ab96e8cda1cc…

MALICIOUS

Office (OLE) / .XLS

Size: 292.5 KB
Created: 2006-02-22 11:28:39
Authoring application: Microsoft Excel
MD5: 97b601fa5b9cb9a2cf553bef1e1d3f3e
SHA-1: 72ecba8edb795ac5786c19a0403f6a89f13efea2
SHA-256: f610ab96e8cda1ccf01fe2f0259a1799760b4f8fab20d271cb8fbc6b02470dfb
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1204.002 Malicious File

The file is an XLS spreadsheet containing VBA macros. The 'OLE_VBA_MACROS' heuristic confirms the presence of macros, and the 'OLE_VBA_CREATEOBJ' heuristic indicates that these macros are capable of executing code. The macro source is 4254 bytes, suggesting complex functionality. The document body contains database-related fields and a truncated comment mentioning a 'refresh' macro that detects the end of a database, which is likely a lure or obfuscation. The primary function of the macros is inferred to be the execution of arbitrary code, potentially for downloading and executing a secondary payload.

Heuristics (2)

  • OLE_VBA_CREATEOBJ (high): CreateObject call
  • OLE_VBA_MACROS (medium): VBA macros detected
    Document contains VBA macro code

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: macros.bas
  c6489db83049b755729313b8013e13e95f21be6fc6c30500927c6b799e68410e
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 4254 bytes